| Proposer | Harm Roukema (DEIC) |
|---|---|
| Area | IDENTITY & ACCESS MANAGEMENT |
| Type of work | RESEARCH |
| Output | REPORT |
| History | Received as TIM proposal |
The goal is to research the security of Single Sign-On (SSO) implementations using fuzzing and possibly other methods. There are multiple popular SSO protocols. We plan to focus on OpenID Connect and SAML.
In this task, we:

- conduct literature research on fuzzing methods
- research the targeted protocols and implementations, focusing on the ones used in our community, with sensible default configurations
- establish a plan to handle results (possible vulnerability information)
- research pre-existing vulnerabilities, then further narrow down the fuzzing methods
- define resource needs
- set up the fuzzing infrastructure, possibly spanning multiple NRENs
- conduct the fuzzing
- write a white paper on the results
- depending on the results, communicate with vendors/developers

The following parties will use the results of this activity:
| T&I Service | could use the security findings |
|---|---|
| R&E Community | - |
| External Party | - |
Activity Description